[vpn-help] v2.1.7 and 2.2.0 on win2008r2 , iked does not see answer from server

Alexis La Goutte alexis.lagoutte at gmail.com
Mon Mar 5 01:44:24 CST 2012


Hi Martin,

Did your check your firewall ?

But.. I not sure if Shrew VPN are compatible with Windows 2008 R2...
VPN Client is not provided to be installed on a server...

Regards,

On Thu, Mar 1, 2012 at 2:35 PM, Martin Forster <martin.forster at kuenz.com>wrote:

> Hi,
>
> i have installed v.2.1.7, and 2.2.0.
> With both clients same behaviour:
> 12/03/01 14:22:54 ii : ipc client process thread begin ...
> 12/03/01 14:22:54 <A : peer config add message
> 12/03/01 14:22:54 <A : proposal config message
> 12/03/01 14:22:54 <A : proposal config message
> 12/03/01 14:22:54 <A : client config message
> 12/03/01 14:22:54 <A : xauth username message
> 12/03/01 14:22:54 <A : xauth password message
> 12/03/01 14:22:54 <A : local id 'HUPACVpN3' message
> 12/03/01 14:22:54 <A : preshared key message
> 12/03/01 14:22:54 <A : peer tunnel enable message
> 12/03/01 14:22:54 DB : peer ref increment ( ref count = 1, obj count = 0 )
> 12/03/01 14:22:54 DB : peer added ( obj count = 1 )
> 12/03/01 14:22:54 ii : local address 10.100.100.10 selected for peer
> 12/03/01 14:22:54 DB : peer ref increment ( ref count = 2, obj count = 1 )
> 12/03/01 14:22:54 DB : tunnel ref increment ( ref count = 1, obj count = 0
> )
> 12/03/01 14:22:54 DB : tunnel added ( obj count = 1 )
> 12/03/01 14:22:54 DB : tunnel ref increment ( ref count = 2, obj count = 1
> )
> 12/03/01 14:22:54 DB : new phase1 ( ISAKMP initiator )
> 12/03/01 14:22:54 DB : exchange type is aggressive
> 12/03/01 14:22:54 DB : 10.100.100.10:500 <-> xxx.xxx.xxx.xxx:500
> 12/03/01 14:22:54 DB : 778f93a865273a24:0000000000000000
> 12/03/01 14:22:54 DB : phase1 ref increment ( ref count = 1, obj count = 0
> )
> 12/03/01 14:22:54 DB : phase1 added ( obj count = 1 )
> 12/03/01 14:22:54 >> : security association payload
> 12/03/01 14:22:54 >> : - proposal #1 payload
> 12/03/01 14:22:54 >> : -- transform #1 payload
> 12/03/01 14:22:54 >> : -- transform #2 payload
> 12/03/01 14:22:54 >> : -- transform #3 payload
> 12/03/01 14:22:54 >> : -- transform #4 payload
> 12/03/01 14:22:54 >> : -- transform #5 payload
> 12/03/01 14:22:54 >> : -- transform #6 payload
> 12/03/01 14:22:54 >> : -- transform #7 payload
> 12/03/01 14:22:54 >> : -- transform #8 payload
> 12/03/01 14:22:54 >> : -- transform #9 payload
> 12/03/01 14:22:54 >> : -- transform #10 payload
> 12/03/01 14:22:54 >> : -- transform #11 payload
> 12/03/01 14:22:54 >> : -- transform #12 payload
> 12/03/01 14:22:54 >> : -- transform #13 payload
> 12/03/01 14:22:54 >> : -- transform #14 payload
> 12/03/01 14:22:54 >> : -- transform #15 payload
> 12/03/01 14:22:54 >> : -- transform #16 payload
> 12/03/01 14:22:54 >> : -- transform #17 payload
> 12/03/01 14:22:54 >> : -- transform #18 payload
> 12/03/01 14:22:54 >> : key exchange payload
> 12/03/01 14:22:54 >> : nonce payload
> 12/03/01 14:22:54 >> : identification payload
> 12/03/01 14:22:54 >> : vendor id payload
> 12/03/01 14:22:54 ii : local supports XAUTH
> 12/03/01 14:22:54 >> : vendor id payload
> 12/03/01 14:22:54 ii : local supports nat-t ( draft v00 )
> 12/03/01 14:22:54 >> : vendor id payload
> 12/03/01 14:22:54 ii : local supports nat-t ( draft v01 )
> 12/03/01 14:22:54 >> : vendor id payload
> 12/03/01 14:22:54 ii : local supports nat-t ( draft v02 )
> 12/03/01 14:22:54 >> : vendor id payload
> 12/03/01 14:22:54 ii : local supports nat-t ( draft v03 )
> 12/03/01 14:22:54 >> : vendor id payload
> 12/03/01 14:22:54 ii : local supports nat-t ( rfc )
> 12/03/01 14:22:54 >> : vendor id payload
> 12/03/01 14:22:54 >> : vendor id payload
> 12/03/01 14:22:54 ii : local supports DPDv1
> 12/03/01 14:22:54 >> : vendor id payload
> 12/03/01 14:22:54 ii : local is SHREW SOFT compatible
> 12/03/01 14:22:54 >> : vendor id payload
> 12/03/01 14:22:54 ii : local is NETSCREEN compatible
> 12/03/01 14:22:54 >> : vendor id payload
> 12/03/01 14:22:54 ii : local is SIDEWINDER compatible
> 12/03/01 14:22:54 >> : vendor id payload
> 12/03/01 14:22:54 ii : local is CISCO UNITY compatible
> 12/03/01 14:22:54 >= : cookies 778f93a865273a24:0000000000000000
> 12/03/01 14:22:54 >= : message 00000000
> 12/03/01 14:22:54 -> : send IKE packet 10.100.100.10:500 ->
> xxx.xxx.xxx.xxx:500 ( 1181 bytes )
> 12/03/01 14:22:54 0x : 4500049d b3bb0000 4011ffa4 0a64640a c207927a
> 01f401f4
> 04898150 778f93a8
> 12/03/01 14:22:54 0x : 65273a24 00000000 00000000 01100400 00000000
> 00000481
> 040002cc 00000001
> 12/03/01 14:22:54 0x : 00000001 000002c0 01010012 03000028 01010000
> 80010007
> 800e0100 80020001
> 12/03/01 14:22:54 0x : 80040002 8003fde9 800b0001 000c0004 00015180
> 03000028
> 02010000 80010007
> 12/03/01 14:22:54 0x : 800e0100 80020002 80040002 8003fde9 800b0001
> 000c0004
> 00015180 03000028
> 12/03/01 14:22:54 0x : 03010000 80010007 800e00c0 80020001 80040002
> 8003fde9
> 800b0001 000c0004
> 12/03/01 14:22:54 0x : 00015180 03000028 04010000 80010007 800e00c0
> 80020002
> 80040002 8003fde9
> 12/03/01 14:22:54 0x : 800b0001 000c0004 00015180 03000028 05010000
> 80010007
> 800e0080 80020001
> 12/03/01 14:22:54 0x : 80040002 8003fde9 800b0001 000c0004 00015180
> 03000028
> 06010000 80010007
> 12/03/01 14:22:54 0x : 800e0080 80020002 80040002 8003fde9 800b0001
> 000c0004
> 00015180 03000028
> 12/03/01 14:22:54 0x : 07010000 80010003 800e0100 80020001 80040002
> 8003fde9
> 800b0001 000c0004
> 12/03/01 14:22:54 0x : 00015180 03000028 08010000 80010003 800e0100
> 80020002
> 80040002 8003fde9
> 12/03/01 14:22:54 0x : 800b0001 000c0004 00015180 03000028 09010000
> 80010003
> 800e00c0 80020001
> 12/03/01 14:22:54 0x : 80040002 8003fde9 800b0001 000c0004 00015180
> 03000028
> 0a010000 80010003
> 12/03/01 14:22:54 0x : 800e00c0 80020002 80040002 8003fde9 800b0001
> 000c0004
> 00015180 03000028
> 12/03/01 14:22:54 0x : 0b010000 80010003 800e0080 80020001 80040002
> 8003fde9
> 800b0001 000c0004
> 12/03/01 14:22:54 0x : 00015180 03000028 0c010000 80010003 800e0080
> 80020002
> 80040002 8003fde9
> 12/03/01 14:22:54 0x : 800b0001 000c0004 00015180 03000024 0d010000
> 80010005
> 80020001 80040002
> 12/03/01 14:22:54 0x : 8003fde9 800b0001 000c0004 00015180 03000024
> 0e010000
> 80010005 80020002
> 12/03/01 14:22:54 0x : 80040002 8003fde9 800b0001 000c0004 00015180
> 03000024
> 0f010000 80010006
> 12/03/01 14:22:54 0x : 80020001 80040002 8003fde9 800b0001 000c0004
> 00015180
> 03000024 10010000
> 12/03/01 14:22:54 0x : 80010006 80020002 80040002 8003fde9 800b0001
> 000c0004
> 00015180 03000024
> 12/03/01 14:22:54 0x : 11010000 80010001 80020001 80040002 8003fde9
> 800b0001
> 000c0004 00015180
> 12/03/01 14:22:54 0x : 00000024 12010000 80010001 80020002 80040002
> 8003fde9
> 800b0001 000c0004
> 12/03/01 14:22:54 0x : 00015180 0a000084 a302a404 a53063e5 153bb1a9
> fe116be4
> 988f6761 0128a403
> 12/03/01 14:22:54 0x : 63a2e383 7798b4ba 6c128583 77827215 7a406ec3
> f83aff33
> 213779e0 84fca97d
> 12/03/01 14:22:54 0x : 18fc323c 58f86e70 6c037cb6 de4e4fc7 65d86b3c
> 6c71b76a
> 68f10500 5229a711
> 12/03/01 14:22:54 0x : 017851c3 936fc362 95070bb2 85588aa9 f5ae9016
> 06ac426f
> ac0f4895 d4cf033c
> 12/03/01 14:22:54 0x : 3cd7d527 225251bd 05000018 0235f4d4 a48095f1
> 36cd70d5
> ebc533cd cea43320
> 12/03/01 14:22:54 0x : 0d000011 0b000000 48555041 4356704e 330d0000
> 0c090026
> 89dfd6b7 120d0000
> 12/03/01 14:22:54 0x : 14448515 2d18b6bb cd0be8a8 469579dd cc0d0000
> 1416f6ca
> 16e4a406 6d83821a
> 12/03/01 14:22:54 0x : 0f0aeaa8 620d0000 1490cb80 913ebb69 6e086381
> b5ec427b
> 1f0d0000 147d9419
> 12/03/01 14:22:54 0x : a65310ca 6f2c179d 9215529d 560d0000 144a131c
> 81070358
> 455c5728 f20e9545
> 12/03/01 14:22:54 0x : 2f0d0000 14afcad7 1368a1f1 c96b8696 fc775701
> 000d0000
> 143b9031 dce4fcf8
> 12/03/01 14:22:54 0x : 8b489a92 3963dd0c 490d0000 14f14b94 b7bff1fe
> f02773b8
> c49feded 260d0000
> 12/03/01 14:22:54 0x : 18166f93 2d55eb64 d8e4df4f d37e2313 f0d0fd84
> 510d0000
> 148404ad f9cda057
> 12/03/01 14:22:54 0x : 60b2ca29 2e4bff53 7b000000 1412f5f2 8c457168
> a9702d9f
> e274cc01 00
> 12/03/01 14:22:54 DB : phase1 resend event scheduled ( ref count = 2 )
> 12/03/01 14:22:54 DB : phase1 ref decrement ( ref count = 1, obj count = 1
> )
> 12/03/01 14:22:59 -> : resend 1 phase1 packet(s) [0/2] 10.100.100.10:500->
> xxx.xxx.xxx.xxx:500
> 12/03/01 14:23:04 -> : resend 1 phase1 packet(s) [1/2] 10.100.100.10:500->
> xxx.xxx.xxx.xxx:500
> 12/03/01 14:23:09 -> : resend 1 phase1 packet(s) [2/2] 10.100.100.10:500->
> xxx.xxx.xxx.xxx:500
> 12/03/01 14:23:14 ii : resend limit exceeded for phase1 exchange
>
>
> I have verified with a 2nd machine, that answer packets from the vpn server
> are coming.
> I dont see those packets on the client, even when i enable capture packets
> in
> the trace utility the file stays at 0 bytes.
>
> The client is a virtual machine on ESXi 4.1
>
> Any Hints?
> Martin Forster
>
> _______________________________________________
> vpn-help mailing list
> vpn-help at lists.shrew.net
> http://lists.shrew.net/mailman/listinfo/vpn-help
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.shrew.net/pipermail/vpn-help/attachments/20120305/9b8b8b0f/attachment-0002.html>


More information about the vpn-help mailing list